http://www.theregister.co.uk/2009/10/15/sector_network_monitoring_bruhaha/ By Dan Goodin in San Francisco The Register 15th October 2009 Organizers of last week's SecTor security conference collected names, passwords, and all other traffic passing over two Wi-Fi networks provided to attendees, including one that was encrypted, the event's director has confirmed. Borrowing a page from the Wall of Sheep at the Defcon hacker conference each year in Las Vegas, the exercise was designed to draw attention to the perils of public networks, conference organizer Brian Bourne told The Reg. Indeed, Bourne - who is the director of Black Arts Illuminated, the company that puts on the event - found partly obscured credentials for his on Twitter account on the SecTor Wall of Shame. But what made the Wall of Shame different - at least to some attendees - was the sniffing of a network that was represented as secure. The wireless connection carried an SSID named "Sector2009Secured" and was encrypted using the WPA, or Wi-Fi Protected Access, protocol. Before it could be used, attendees had to stop by a booth sponsored by Canadian security vendor eSentire to retrieve the network's pre-shared key. "In 2009, we still have so many applications leaking credentials onto the wire, and we have people still deploying and using insecure protocols," Bourne said. "Our intention with the Wall of Shame was to highlight that." [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Thu Oct 15 2009 - 23:26:16 PDT
This archive was generated by hypermail 2.2.0 : Thu Oct 15 2009 - 23:42:40 PDT